Acronis Cyber Protect Cloud Advanced Data Loss Prevention (DLP)
A DLP solution, designed to reduce management complexity for you
Unlock new profitability opportunities
Improve your revenue per client with highly demanded MSP-managed DLP services
Improve your productivity and avoid runaway costs
Reduce the time spent on provisioning and configuration via automated, clientspecific, baseline DLP policy creation
Reduce data leakage risks for clients
Minimize clients’ insider-related data breach risks by preventing sensitive information leakage via peripheral devices and network communications
Overview:
A DLP solution, designed to reduce management complexity for you
Advanced DLP empowers you with unmatched provisioning and management simplicity, to prevent data leakage from clients’ workloads via peripheral devices and network communications. With automatic initial DLP policy creation, you can accurately and efficiently create business-specific policies for each client.
Context- and content-aware controls
Protect clients’ sensitive data – prevent data leakage from workloads via peripheral devices and network communications by analyzing the content and context of data transfers and enforcing policy-based preventive controls.
Automatic, client-specific initial DLP policy creation
Stop drilling down into client business details and defining policies manually. Business-specific baseline DLP policies are created automatically by monitoring sensitive, outgoing data flows.
Adaptive DLP policy enforcement option
Eliminate manual work usually needed to adjust and update a DLP policy after initial enforcement. Automatically expand the enforced policy with with additional rules to allow and protect new, previously unused business data flows.
Enhance your security service tech stack with streamlined data loss prevention
Unlock new profitability opportunities
- Improve your revenue per client with high-demand, MSP-managed DLP services.
- Control your TCO and enable better margins with easier service tiering by using a single, integrated platform for backup and disaster recovery, next-generation anti-malware, email security, workload management and data loss prevention.
Improve your productivity and prevent runaway costs
- Reduce the time spent on DLP policy configuration and service provisioning via automated, client-specific initial DLP policy creation.
- Align DLP policies with business requirements and minimize errors. Enable optional end-user justification of sensitive data transfers during initial automatic policy creation and easy client validation prior enforcement.
- Simplify compliance reporting and increase visibility of DLP performance with information-rich widgets and configurable log collection.
Reduce data leakage risks for clients
- Minimize insider-related data breach risks by preventing sensitive information leakage via peripheral devices and network communications.
- Minimize the impact of human error and enforce company-wide acceptable data use policies.
- Strengthen clients’ regulatory compliance by protecting data that is subject to regulations.
- Lower your cyber insurance premiums with better protection of clients’ data.
Effortlessly provision DLP services with an observation mode
In the observation mode, the agent monitors clients’ endpoint computers for outgoing, sensitive data flows to generate the baseline DLP policy automatically or, alternatively, with end-user justification of the riskiest data transfers.
Reduce management burdens with multiple DLP policy enforcement options
Once the DLP policy is validated with clients, you can enforce it to start protecting their data. Enforcement mode enables you to select how to enforce DLP policies:
- Strict enforcement — enforces the DLP policy as defined, without extending it with new data flow rules. Any data transfer that doesn’t match a defined data flow rule in the policy is blocked unless the end user requests a one time business-related exception.
- Adaptive enforcement — enforces the DLP policy but offers flexibility by automatically extending it with new rules for allowing previously unobserved business-related data flows.
Demonstrate your value to clients with powerful widgets
Enable ongoing reporting to clients with powerful widgets, that demonstrate the value of your DLP services. Provide service technicians and clients with visibility into blocked sensitive data flows; most active data senders; users with most blocked data transfers; and all sensitive data transfers split by category (blocked, allowed or justified).
Differentiate your DLP services with an edge over the competition
Current DLP solutions require costly security expertise and deep knowledge of clients’ business processes, together with complex, error-prone, manual configuration to ensure client-specific policies. With Advanced DLP, you can prevent data leaks for clients with the provisioning speed and policy-management ease you need.
Automated DLP policy creation
Minimize manual work and the risk of errors. Simplify provisioning by automatically generating an initial DLP policy for each client.
Client-specific DLP policies
Monitor outgoing sensitive data flows across organizations to automatically map clients’ business processes to a DLP policy — adjusted to their specifics. Leverage optional end-user assistance for higher accuracy, and request client validation before enforcing a policy.
TComprehensive array of controlled channels
Control data flows across local and network channels, including removable storage, printers, redirected mapped drives and clipboard, emails and webmails, instant messengers, file sharing services, social networks, and network protocols.
Unmatched DLP controls to differentiate your service
Ensure web-browser- independent control of data transfers to social media, webmail and file-sharing services. Leverage content inspection of outgoing instant messages and sensitive-data detection in images on remote and offline computers.
Centralized cyber protection with single console
Control your TCO, reduce management overhead and boost margins by using a single solution that integrates backup, disaster recovery, next-generation anti-malware, email security, workload management, and data loss prevention.
Features:
Acronis Cyber Protect Cloud Advanced Data Loss Prevention (DLP)
The only DLP solution designed for MSPs to prevent leakage of sensitive data via peripheral devices and network channels with automatic, client-specific DLP policy creation.
Content- and context-aware DLP controls
Prevent leakage of sensitive data from clients’ organizations. Advanced DLP detects the sender, recipient, channel used and sensitive content for each data transfer to apply policy-based preventive DLP controls.
Automatic DLP policy creation (Observation mode)
Simplify service provisioning and initial DLP policy configuration. The solution observes end user behavior to automatically map clients’ business specifics to DLP rules to create client-specific DLP policies.
Adaptive DLP policy enforcement (Enforcement mode)
Enable automatic enrichment of enforced DLP policies by learning from end users. The adaptive enforcement option unlocks automated, user-assisted extensions of enforced policies with new data flows.
Content-aware control over data flows to peripheral devices
Control data transfers to peripheral devices such as printers, removable storage and mapped drives across clients’ organizations and ensure no sensitive data in use can leak through such local channels.
Network communications control
Control data transfers via network channels such as emails, cloud file sharing services, web browsers and social media. Prevent leakage of sensitive data in motion across clients’ organizations.
Pre-built data classifiers
Protect clients’ sensitive data out of the box with pre-built data classifiers for personally identifiable information (PII), protected health information (PHI), payment card data (PCI DSS), documents marked as “Confidential.”
Strict DLP policy enforcement (enforcement mode)
For clients that require more strict controls, you can enforce the DLP policies as they’re defined, also blocking any new data flows not observed during the observation mode period.
Clipboard control for remote connections
Prevent data leaks at their earliest stage — when data is transferred between the corporate computer and BYOD devices or remote terminals via a redirected clipboard.
Optical character recognition (OCR)
Prevent leakage of textual data in graphical format, even for offline and remote endpoints. Leverage an agent-resident optical character recognition for 30+ languages without sending images to OCR servers.
Content inspection and filtering
Protect clients’ sensitive data from leaking by analyzing and filtering the textual and binary content of data transferred via local and network channels, including inspection of nested archives. Benefit from text parsing for 100+ file, 40+ archive, and five-print formats.
Real-time alerting
Empower policy-based, real-time alerting for relevant DLP events to increase DLP administrators’ visibility and allow them to react to critical security events in a timely manner.
Policy-based logging
Enable easy auditing and IT investigations by automatically and selectively collecting audit logs for security events for each DLP policy rule. Leverage a cloud-native, secure, always available central log and secure delivery along with configurable log retention settings.
DLP event viewer
Increase the efficiency of your service technicians with a single-pane-of-glass view across all DLP events with fast search and filtering capabilities.
Reporting
Demonstrate your service value to clients and ease compliance reporting with information-rich widgets that provide a clear view of actionable data loss prevention statistics that can easily be sent to clients as reports.
On-screen notification to end users
Increase end users’ data loss prevention awareness and reduce time spent by IT administrators on investigating with interactive on-screen warnings that explain why certain data transfer attempts have been blocked by DLP rules.
Block override support
Ensure clients’ business continuity by allowing end users to override a data transfer block in case of extraordinary situations by providing a one-time business-related exception.
Encrypted removable storage support
Better protect clients data by neutralizing the risks of sensitive data leaving your clients workloads via unencrypted removable storage devices (e.g. USBs). Advanced DLP can detect encrypted removable storage devices and allow data transfers only to them.
Frequently Asked Questions:
How complex is it to provision and manage services on top of Acronis Advanced DLP?
Service providers can leverage Advanced DLP to deliver data loss prevention services without adding costly security expertise headcount on their end.
Advanced DLP removes the inherent complexity of DLP solutions historically focused at enterprises, with automatic client-specific DLP policy creation achieved by learning from end users.
Advanced DLP also streamlines DLP service management. Once the initial DLP policy is generated automatically in an easy to understand and validate graphical format, the enforced DLP policy can be extended with additional rules to allow and protect newly observed data flows through an automated, user-assisted process.
The advanced pack is natively integrated into Acronis Cyber Protect Cloud, allowing you to centralize service management and provisioning and manage clients per tenant while integrating it with the most common RMM and PSA tools used by service providers.
The unmatched level of data loss prevention automation offered by Advanced DLP, with its MSP-centric design, makes it easy to launch a comprehensive DLP service without high costs for Acronis partners.
What types of clients could be protected with Advanced DLP?
Data loss prevention protects against leakage of sensitive data. Service providers can launch services on top of Advanced DLP oriented with clients that store regulated sensitive information such as personally identifiable information (PII), protected health information (PHI), or payment card data (PCI DSS). DLP services are also critical for clients that need to protect confidential corporate information.
Traditional industries that rely more heavily on data loss prevention are banking and finance (BFSI), healthcare, government, IT providers and telecoms, manufacturing, legal, retail and logistics.
How are services with Advanced DLP usually provisioned?
Provisioning data loss prevention services could be a complex and costly process, historically requiring additional consultation from DLP vendors. Advanced DLP, however, is specifically designed to remove this complexity and enable service providers to include a comprehensive DLP into their practice.
The service is provisioned to clients through the Acronis Cyber Protect Cloud agent and requires only a flick of a switch in the management console. In initial provisioning, Advanced DLP should be set in observation mode to automatically create the initial DLP policy by observing end users’ behavior and optionally requiring a one-time justification from them for newly detected data flows. The baseline data loss prevention policy creation period should take between one and two months, depending on the quantity of observed data flows during that period.
Once generated, the baseline (initial) DLP policy is presented in an easy-to-understand graphical format. It is then validated with clients, who best understand their business’ specifics and can help make the DLP rules more accurate. The validation process is extremely easy, requires no technical knowledge from clients, and is done in just a few hours.
Once validated, the data loss prevention policy is enforced to allow all business-related transfers of sensitive data while blocking any sensitive data transfer that is not used in the business process. The policy can be enforced in two ways — strict enforcement or adaptive enforcement. In adaptive enforcement, you can leverage automated, user-assisted extensions of enforced policies with additional rules to allow and protect new data flows that were not observed when creating the initial DLP policy. The adaptive enforcement mode enables better business continuity, ensuring new data flows will not be blocked. The strict enforcement mode is for clients who require more strict controls, Advanced DLP will block any new data flows that do not match already approved ones in the DLP policy.
Documentation:
Download the Acronis Cyber Protect Cloud Advanced Data Loss Prevention Datasheet (PDF).